The ipv6 icmp command enables the system to send or receive ICMPv6 messages.
The undo ipv6 icmp command disables the system to send or receive ICMPv6 messages.
The clear ipv6 icmp command clears the configurations of the ipv6 icmp and undo ipv6 icmp commands.
By default, a device sends or receives well-known ICMPv6 messages not other types of ICMPv6 messages.
ipv6 icmp { echo-reply | echo | err-header-field | hop-limit-exceeded | neighbor-advertisement | neighbor-solicitation | network-unreachable | packet-too-big | redirect | router-advertisement | router-solicitation | multicast-listener-report-v2 | multicast-listener-query | multicast-listener-report | multicast-listener-done } { send | receive }
ipv6 icmp { frag-time-exceeded | host-admin-prohib | unknown-next-hdr } { send | receive }
ipv6 icmp unknown-ipv6-opt { send | receive }
ipv6 icmp host-unreachable { send | receive }
ipv6 icmp port-unreachable { send | receive }
ipv6 icmp icmp6Type icmp6Code { send | receive }
ipv6 icmp all-famous { send | receive }
clear ipv6 icmp { echo-reply | echo | err-header-field | hop-limit-exceeded | neighbor-advertisement | neighbor-solicitation | network-unreachable | packet-too-big | redirect | router-advertisement | router-solicitation | multicast-listener-report-v2 | multicast-listener-query | multicast-listener-report | multicast-listener-done } { send | receive }
clear ipv6 icmp { frag-time-exceeded | host-admin-prohib | unknown-next-hdr } { send | receive }
clear ipv6 icmp unknown-ipv6-opt { send | receive }
clear ipv6 icmp host-unreachable { send | receive }
clear ipv6 icmp port-unreachable { send | receive }
clear ipv6 icmp icmp6Type icmp6Code { send | receive }
clear ipv6 icmp all-famous { send | receive }
undo ipv6 icmp { echo-reply | echo | err-header-field | hop-limit-exceeded | neighbor-advertisement | neighbor-solicitation | network-unreachable | packet-too-big | redirect | router-advertisement | router-solicitation | multicast-listener-report-v2 | multicast-listener-query | multicast-listener-report | multicast-listener-done } { send | receive }
undo ipv6 icmp { frag-time-exceeded | host-admin-prohib | unknown-next-hdr } { send | receive }
undo ipv6 icmp unknown-ipv6-opt { send | receive }
undo ipv6 icmp host-unreachable { send | receive }
undo ipv6 icmp port-unreachable { send | receive }
undo ipv6 icmp icmp6Type icmp6Code { send | receive }
undo ipv6 icmp all-famous { send | receive }
| Parameter | Description | Value |
|---|---|---|
| echo-reply |
Indicates an Echo Reply message. |
- |
| echo |
Indicates an Echo message. |
- |
| err-header-field |
Indicates an ICMPv6 error header field message. |
- |
| hop-limit-exceeded |
Indicates an ICMPv6 Hop Limit Exceeded message. |
- |
| neighbor-advertisement |
Indicates an ICMPv6 neighbor advertisement message. |
- |
| neighbor-solicitation |
Indicates an ICMPv6 neighbor solicitation message. |
- |
| network-unreachable |
Indicates an ICMPv6 Network Unreachable message. |
- |
| packet-too-big |
Indicates an ICMPv6 Packet Too Big message. |
- |
| redirect |
Indicates an ICMPv6 redirect message. |
- |
| router-advertisement |
Indicates an ICMPv6 router advertisement message. |
- |
| router-solicitation |
Indicates an ICMPv6 router solicitation message. |
- |
| multicast-listener-report-v2 |
Indicates a Version 2 Multicast Listener Report message. |
- |
| multicast-listener-query |
Indicates a Multicast Listener Query message. |
- |
| multicast-listener-report |
Indicates a Multicast Listener Report message. |
- |
| multicast-listener-done |
Indicates a Multicast Listener Done message. |
- |
| send |
Enables the system to send ICMPv6 messages. |
- |
| receive |
Enables the system to receive ICMPv6 messages. |
- |
| frag-time-exceeded |
Indicates an ICMPv6 Fragment Time Exceeded message. |
- |
| host-admin-prohib |
Indicates an ICMPv6 host administratively prohibited message. |
- |
| unknown-next-hdr |
Indicates an ICMPv6 unknown Next Header type message. |
- |
| unknown-ipv6-opt |
Indicates an ICMPv6 unknown IPv6 option message. |
- |
| host-unreachable |
Indicates an ICMPv6 Host Unreachable message. |
- |
| port-unreachable |
Indicates an ICMPv6 Port Unreachable message. |
- |
| icmp6Type |
Specifies the type of an ICMPv6 message. |
The value is an integer that ranges from 0 to 255. |
| icmp6Code |
Specifies the code of an ICMPv6 message. |
The value is an integer that ranges from 0 to 255. |
| all-famous |
Indicates all-famous ICMPv6 messages, including:
|
- |
Usage Scenario
On a normal network, a device can correctly send or receive ICMPv6 messages; however, when network traffic load is heavy, host unreachable or port unreachable events frequently occur and routers need to send a large number of ICMPv6 messages, which burdens the network and degrades the performance of the routers. In addition, attackers usually use ICMPv6 error messages to probe the internal network topology illegitimately.
To improve network performance and security, run the undo ipv6 icmp command to disable routing devices from sending or receiving ICMPv6 messages of specified types, such as Echo Reply, Host Unreachable, and Port Unreachable messages. If all-famous, ND-related parameters, or MLD-related parameters are specified, exercise caution when running this command. Otherwise, IPv6 unicast services (ND) or multicast services (MLD) may be affected.Configuration Impact
After the system is disabled from sending or receiving ICMPv6 Echo-Reply messages, Host-Unreachable messages, and Port-Unreachable messages, the system counts only the number of discarded messages instead of the number of sent or receive Echo-Reply messages, Host-Unreachable messages, and Port-Unreachable messages.
Precautions
When the network becomes normal again, you can run the ipv6 icmp command to re-enable the system to process ICMPv6 messages.
<HUAWEI> system-view [~HUAWEI] undo ipv6 icmp echo-reply send
<HUAWEI> system-view [~HUAWEI] ipv6 icmp redirect send
<HUAWEI> system-view [~HUAWEI] ipv6 icmp echo-reply send